118 IBM Eserver Certification Study Guide: Cluster 1600 Managed by PSSP
3.6 Using AFS® in a Cluster 1600 configuration
Andrew File System (AFS) and Transarc began development at Carnegie
Mellon's Information Technology Center in the mid 80s. AFS is a distributed file
system that enables sharing files across both local area and wide area networks.
AFS includes an authentication implementation that is based on Kerberos V4.
Therefore, AFS authentication servers can be used in place of a Cluster 1600
managed by PSSP authentication server to provide credentials for Kerberos V4
Although AFS and SP Kerberos V4 authentication services can work together,
there are differences in the way the authentication database is administered (for
example, adding principals and changing passwords).
AFS uses a different set of servers, protocols, interfaces, and commands for
Kerberos V4 database administration.
Some useful features of AFS:
In conjunction with Kerberos, AFS provides a global authentication system
(all passwords are verified with a site-wide database).
Access Control Lists (ACLs) provide more flexibility in setting file access
permissions than traditional UNIX file systems.
Users can access AFS files at remote sites, if given appropriate permissions.
Since AFS is not directly related to a Cluster 1600 managed by PSSP
configuration, we created an appendix that covers the basic AFS terms.
Therefore, for more information about AFS, refer to Appendix C, “AFS as a
Cluster 1600 Kerberos-based security system” on page 545.
3.7 Related documentation
The following documentation will help you understand the concepts and
examples covered in this guide.
PSSP Administration Guide, SA22-7348 covers “Using a switch”.
RS/6000 SP Planning, Volume 2: Control Workstation and Software
Environment, GA22-7281 covers “Planning your network configuration”.
PSSP Installation and Migration Guide, GA22-7347 covers “Initializing to use